Platform compatibility
| macOS | Windows | Linux | iOS / iPadOS | Android |
|---|---|---|---|---|
| ✅ |
How to set it up
Choose your enforcement mode
- Blocklist: all applications are allowed except those explicitly listed.
- Allowlist: only the applications you list are permitted to run.
Add applications
Add applications by their bundle identifier (e.g. com.spotify.client) or executable name.
To find an application’s bundle identifier on macOS, run the following command in Terminal:
osascript -e 'id of app "AppName"'
Modifying or removing the control
Disable the control from the profile settings. Disabling stops enforcement but does not remove existing configurations from devices.
How it works
Once deployed, macOS evaluates running applications against the policy. Blocked applications are terminated and users see a system notification explaining that the application is not permitted. The policy is enforced continuously — if a user installs a blocked application after the control is applied, it will be prevented from running the next time they attempt to open it.
Troubleshooting
An allowed application is being blocked
- Double-check the bundle identifier for typos — identifiers are case-sensitive.
- Confirm the control is targeting the correct device group.
- Re-check the enforcement mode: if using an allowlist, make sure the application is explicitly listed.
- The policy is applied at launch time. If the application was already open when the policy was deployed, restart the device or ask the user to quit and reopen the application.
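The first and third troubleshooting checks can be scripted before a list is deployed. The following is an added example, not part of the product or its documentation: it reads CFBundleIdentifier from each bundle's Contents/Info.plist and compares it with a policy list using exact, case-sensitive matching. The function names, sample bundles and policy list are constructed for illustration, and executable-name entries are not covered.

```python
import plistlib
import tempfile
from pathlib import Path


def installed_bundle_ids(apps_dir):
    """Map each .app bundle name in apps_dir to its CFBundleIdentifier."""
    ids = {}
    for plist in sorted(Path(apps_dir).glob("*.app/Contents/Info.plist")):
        with plist.open("rb") as fh:
            info = plistlib.load(fh)
        if "CFBundleIdentifier" in info:
            ids[plist.parents[1].name] = info["CFBundleIdentifier"]
    return ids


def audit(policy_ids, mode, installed):
    """Return {app: (verdict, note)}. Assumes exact, case-sensitive matching."""
    if mode not in ("allowlist", "blocklist"):
        raise ValueError(f"unknown enforcement mode: {mode}")
    folded = {p.lower(): p for p in policy_ids}
    report = {}
    for app, bid in installed.items():
        hit = bid in policy_ids
        allowed = hit if mode == "allowlist" else not hit
        near = folded.get(bid.lower())
        note = ""
        if not hit and near is not None:
            note = f"policy has {near!r}, app reports {bid!r}: case mismatch"
        report[app] = ("allowed" if allowed else "blocked", note)
    return report


def demo():
    """Build two constructed app bundles and audit a constructed allowlist."""
    with tempfile.TemporaryDirectory() as root:
        for name, bid in [("Spotify.app", "com.spotify.client"),
                          ("Notes Tool.app", "com.example.NotesTool")]:
            contents = Path(root, name, "Contents")
            contents.mkdir(parents=True)
            with open(contents / "Info.plist", "wb") as fh:
                plistlib.dump({"CFBundleIdentifier": bid}, fh)
        policy = ["com.spotify.client", "com.example.notestool"]  # second entry mis-cased
        return audit(policy, "allowlist", installed_bundle_ids(root))


if __name__ == "__main__":
    for app, (verdict, note) in demo().items():
        print(f"{app}: {verdict} {note}".rstrip())
```

On a Mac, pass /Applications to installed_bundle_ids to audit the bundles actually installed there.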